7 Commits

Author SHA1 Message Date
zyc
7168e50a6e fix: prod login + env-file driven config + scroll-snap bounce
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 6m54s
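- env: un-ignore .env / .env.production so they are committed, ignoring only the .env.local family;
  .env.production carries DATABASE_URL / AUTH_SECRET / AUTH_URL /
  SMS_* / NEXT_PUBLIC_TOS_DOMAIN, the Dockerfile runner stage COPYs it into
  the runtime image, and Next.js standalone loads it automatically at startup
- ci: remove the kubectl secret-injection step (env is already baked into the image), keep a placeholder to avoid
  the envFrom optional reference warning, fix /api/auth/providers 500 (missing AUTH_SECRET)
- auth: signIn failures pass through the real NextAuth error code, no longer blanket-masked as "incorrect verification code"
- home: change the home page scroll-snap-type from mandatory to proximity, fixing the bounce where scrolling to
  the bottom was forcibly snapped back to the top of the candidate section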

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 17:31:00 +08:00
iye
1073262e12 ci(secret): inject Aliyun SMS credentials into cyberstar-env
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 5m44s
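Production /api/auth/send-otp returns SMS_NOT_CONFIGURED because the pod's
process.env has no SMS_*. Following the hardcoded pattern already used for DATABASE_URL,
the 4 SMS variables are also written into the workflow's kubectl create secret step.

The subsequent pod rollout restart is already triggered automatically in the original workflow;
after the restart, envFrom will read the new Secret.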
2026-05-13 19:33:00 +08:00
iye
cfd44403cb fix(deploy): inject NEXT_PUBLIC_TOS_DOMAIN at docker build time
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 6m17s
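In production, https://cyberstar.airlabs.art is missing all portraits + videos, because in the deployed image
NEXT_PUBLIC_TOS_DOMAIN is an empty string, which triggers the tosUrl() fallback to relative paths
(/portraits/001.webp etc.), while public/portraits is already in .gitignore and not in the image → all 404.

Root cause: Next.js compiles NEXT_PUBLIC_* into the client bundle, so it must be injected at build time;
injecting it at runtime via the envFrom secret has no effect.

Fix:
- Dockerfile builder stage: add ARG NEXT_PUBLIC_TOS_DOMAIN + ENV, taking effect before next build
- .gitea/workflows/deploy.yaml docker build step: add --build-arg NEXT_PUBLIC_TOS_DOMAIN=...

After the push, CI rebuilds the image automatically; after deployment, src in the HTML becomes the full TOS URL.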

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 19:03:35 +08:00
zyc
b3bdb60c81 ci: inline DATABASE_URL in workflow (volcano RDS internal endpoint)
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 6m0s
Matches the AirGate convention of putting infra credentials directly in
the deploy yaml — no Gitea Secrets configuration required, push-to-deploy
just works.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 15:28:55 +08:00
zyc
2c3357e33d ci: trim cyberstar-env Secret to DATABASE_URL only
Some checks failed
Build and Deploy / build-and-deploy (push) Has been cancelled
Previous commit scoped too broadly. Other env vars (TOS/SMS/WECHAT/etc.)
already have application-level fallbacks and aren't required to make the
deploy work, so they don't need to be in the workflow yet.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 15:27:41 +08:00
zyc
19e789d6ac ci: sync cyberstar-env Secret from Gitea repo secrets
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 1m32s
Previously cyberstar-env had to be created manually with kubectl, which
broke the "git push = full deploy" expectation. Workflow now derives the
runtime Secret from Gitea repo secrets each deploy, so DATABASE_URL,
AUTH_SECRET, TOS/SMS/WECHAT credentials etc. are kept in one place and
applied transactionally with the rest of the manifests.

Repo secrets that need to exist in Gitea Settings:
  DATABASE_URL, REDIS_URL, AUTH_SECRET,
  TOS_ENDPOINT, TOS_REGION, TOS_BUCKET, TOS_ACCESS_KEY, TOS_SECRET_KEY,
  NEXT_PUBLIC_TOS_DOMAIN,
  WECHAT_APP_ID, WECHAT_APP_SECRET,
  SMS_ACCESS_KEY, SMS_SECRET_KEY, SMS_SIGN_NAME, SMS_TEMPLATE_CODE,
  HCAPTCHA_SITE_KEY, HCAPTCHA_SECRET

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 15:25:47 +08:00
zyc
c19b3b7b05 ci: add CI/CD pipeline for cyberstar.airlabs.art
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 6m41s
- Dockerfile: multi-stage Next.js standalone build with pnpm + prisma
- k8s manifests: single web deployment + Traefik ingress + LE TLS
- Gitea workflow: build/push to Volcano CR, deploy to K3s, log-center failure reporting
- next.config: enable standalone output for slim container image

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-13 13:44:04 +08:00